On Demand Audio

The HIPAA Compliance Plan: Keeping PHI Private and Secure

(411 reviews)

Produced on June 05, 2017

Taught by
$ 89 Health Care In Stock
Get started now

$299 / year - Access to this Course and 1,500+ Lawline courses


Course Information

Time 1h 2m
Difficulty Advanced
Topics covered in this course: Health Care

Course Description

Over and over again, the Office of Civil Rights (“OCR”) of the U.S. Department of Health and Human Services has found that covered entities and their business associates who engage in activities regulated by HIPAA have failed to develop compliance plans that sufficiently protect the privacy and security of protected health information (“PHI”). In this program, David N. Crapo, of the Health Law Team and Financial Restructuring and Creditors’ Rights Group of Gibbons P.C., will discuss the policies, procedures and protocols that should be included in a robust HIPAA compliance plan, as well as the basic means of implementing the plan.

The focus of this program will be on the development and implementation of a HIPAA compliance plan rather than as a substantive HIPAA law, although relevant aspects of the substantive law will be addressed. Additionally, recognizing the speed at which technology is currently developing, this program will not focus on the technical nuts and bolts of a HIPAA compliance plan, but will direct the viewer to relevant sources discussing those nuts and bolts, which are updated regularly.  

Learning Objectives: 

  1. Identify the basis policies and considerations to be considered in creating a robust HIPAA compliance plan, particularly the need to ensure that the plan meets the needs of and is consistent with the capabilities of the covered entity or business associate
  2. Become familiar with the privacy, security and breach notification policies and procedures that must be included in a HIPAA compliance plan
  3. Understand the building blocks for implementing a robust HIPAA compliance plan, including:
    • Awareness of risks to the security and privacy of PHI and the means for addressing them
    • Being prepared to address a security incident or data breach
    • Having the appropriate HIPAA compliance staff in place
    • Training personnel and sanctioning HIPAA violations
    • Developing a culture conducive to protecting the privacy and security of PHI

Credit Information

After completing this course, Lawline will report your attendance information to {{ accredMasterState.state.name }}. Please ensure your license number is filled out in your profile to ensure timely reporting. For more information, see our {{ accredMasterState.state.name }} CLE Requirements page . After completing this course, {{ accredMasterState.state.name }} attorneys self-report their attendance and CLE compliance. For more information on how to report your CLE courses, see our {{ accredMasterState.state.name }} CLE Requirements FAQ .


David N. Crapo

Gibbons Law

David N. Crapo has extensive experience in the fields of bankruptcy, debtor/creditor law, commercial law and healthcare. His experience includes the negotiation and preparation of loan agreements and pleadings in connection with debtor-in-possession financing and/or use of the cash collateral of financial institutions, and other lenders, as well as analysis of commercial, corporate and municipal bond transactions to assess bankruptcy and insolvency-related risks and to make recommendations for minimizing those risks.

Mr. Crapo has represented numerous clients in connection with HIPAA and healthcare privacy issues, including: (i) the drafting and updating of HIPAA compliance manuals; (ii) the impact of HIPAA, the HITECH Act and the Breach Notification Rule on transactions; and (iii) analyzing and drafting business associate agreements. Mr. Crapo has also evaluated and assisted in the structuring of transactions to meet the requirements of various anti-kickback laws and the Stark law. He has revised medical staff bylaws to meet changes in the Joint Commission standards and has prepared hospital access agreements. Consistent with his extensive experience in bankruptcy law, Mr. Crapo has represented creditors and potential purchasers of the assets of healthcare-related debtors.

He has written on healthcare related issues and is a co-editor of the newsletter of the Health Law Committee of the American Bankruptcy Institute. Mr. Crapo has also drafted numerous insolvency-related bankruptcy opinions in connection with corporate and municipal bond transactions and has authored or co-authored many articles on bankruptcy-related subjects.

To facilitate the development of the Gibbons Health Care practice, Mr. Crapo earned a LL.M. in Health Law and Policy.


Seton Hall University School of Law (LL.M, 2012)

University of Houston Law Center (J.D., with honors, 1984)

University of Wisconsin at Madison (M.A., 1979)

Boston College (A.B., summa cum laude, 1978)

Professional Admissions

State of Texas 1984

State of New Jersey 1991

United States District Court for the District of New Jersey 1991

United States District Court for the Southern District of New York 2003

United States District Court for the Northern District of Texas 1985

United States Bankruptcy Court for the District of New Jersey 1991

United States Bankruptcy Court for the Southern District of New York 2003

United States Court of Appeals for the Third Circuit 2000

United States Court of Appeals for the Second Circuit 2010

Professional Activities

Member, Health Law, Secured Transactions and Bankruptcy Taxation Committees of the American Bankruptcy Institute

Member, American Bar Association, Health Law Section

Member, American Health Lawyers Association

Member, New Jersey State Bar Association, Bankruptcy Law and Health and Hospital Law Sections

Member, State Bar of Texas

Lecturer, ABA Taxation Division

Lecturer, Essex County Bar Association, Creditor/Debtor Committee

Lecturer, Bench-Bar Conference of the New Jersey State Bar Association Bankruptcy Law Section, tax-related issues in bankruptcy

Lecturer, Law Education Institute, Inc., National CLE Conference in Colorado (January 2002) (on bankruptcy-remote entities)



Terry N.

Faculty member strictly read the slides that viewers could see, making the presentation very boring and difficult to remain interested.

Julia A.

Mr. Crapo did a marvelous job of presenting substantive legal content coupled with practical suggestions.

Frederic V.

Speaker presented material in a clear manner.

Peter F.

Detailed and thorough. Thank you.

Frederick K.

Helpful program in understanding HIPAA.

Shelley K.

Very comprehensive review of necessary policies and procedures for HIPAA privacy and security. Helpful!

Karen S.

Appreciated his recommendations on a compliance plan.

Elliot F.

Good general overview of a very complex subject.

Lynn C.

The power point information is especially useful.

Load More